From 533a0655ddaa6734559394612088b0f3f0a54213 Mon Sep 17 00:00:00 2001 From: Doug Walker Date: Wed, 13 May 2026 14:42:52 -0400 Subject: [PATCH] Add CVE to security Signed-off-by: Doug Walker --- SECURITY.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2693a4a8d..a3f8990a4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -23,10 +23,6 @@ Include detailed steps to reproduce the issue, and any other information that could aid an investigation. Someone will assess the report and make every effort to respond within 14 days. -## History of CVE Fixes - -None - ## File Format Expectations Attempting to read an OCIO config (YAML) file will: @@ -60,3 +56,7 @@ set of behaviors as with file loading. It is a bug if calling a function with well-formed arguments causes the library to crash. It is a security issue if calling a function with well-formed arguments causes arbitrary code execution. + +## History of CVE Fixes + +CVE-2026-42450 -- Stack buffer overflow in sscanf. (Fixed in OCIO 2.5.2)
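Review bot: The first hunk (@@ -23,10 +23,6) removes the "History of CVE Fixes" section from its position ahead of "File Format Expectations" so that the second hunk can re-add it at the end of the file, but the commit subject "Add CVE to security" does not mention the move. Either note the relocation in the commit message, or leave the section where it was and replace only the "None" line, which reduces the patch to a one-line change and keeps the fix history next to the reporting instructions.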
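Review bot: In the second hunk (@@ -60,3 +56,7), the new entry "CVE-2026-42450 -- Stack buffer overflow in sscanf. (Fixed in OCIO 2.5.2)" gives the fixed release but not the affected version range, the part of the library that makes the sscanf call, or a link to the advisory or fixing commit, so a reader cannot tell from SECURITY.md whether their build is exposed or what input path is involved. Suggest adding those three items to the line. The phrase "in sscanf" also reads as a defect in sscanf itself; since the fix ships in OCIO 2.5.2, wording that places the overflow in the library's use of sscanf would be clearer.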